Entities around the world rely on technology to store sensitive data and conduct business operations. These same entities are constantly under the threat of cyber attacks that seek to undermine the security of their critical technologies. As the frequency and severity of cyber attacks continue to rise, organizations often find themselves understaffed to respond to each attack. Attacks arrive frequently and in many forms. A single organization may identify, for example, hundreds of thousands of potential threat notifications a day, each resulting in an alarm and/or a potential incident. A dedicated security analyst may only have the time to address a handful. As a result, millions of threats may go unresolved and/or unseen in a day, week, or month. The volume of incidents that result from these threats may be so prohibitive that adding analysts barely scratches the surface of the unviewed incidents.
In addition to the sheer volume of threats facing organizations with an online presence, the variety of the threats' types and origins grows and changes daily. No one individual can keep up with the myriad techniques and origins that attackers may use against an organization. Threat databases and intelligence-gathering services are available; however, these services may not integrate new intelligence effectively into existing security operations and incident response solutions.
To compound the difficulties in current incident response approaches, each organization is different. The organizational structure differs, the vulnerabilities differ, and thus the threats facing each organization naturally differ. For example, a hospital may house sensitive patient care information and interface with the outside world through limited web interfaces, while a bank may house financial information that motivates constant attacks. No one-size-fits-all solution meets the demands of every organization.